JBS Haldane, 1940:
1. Events occur which are not perceived by any mind.
2. There were unperceived events before there were any minds.
And I also believe, though this is not a necessary logical deduction from the former two, that:
3. When a man has died he is dead.
Instead of having propagandists Moore or Gore steer your eyes around, you could, I don't know, read some science.
This means that, with the 0.5C global warming of the past few decades, the Earth's average temperature is just now passing through the peak Holocene temperature level. Furthermore, the current planetary energy imbalance of about 34 W/m2 implies that global warming already "in the pipeline", about another 0.5C, will take us about halfway to the global temperature that existed at the peak of the Eemian period. http://www.sciam.com/media/pdf/hansen.pdf
repost of comment: 'passwords are bad use asymmetric keys' on Tuesday August 12, @08:07AM (#24566319)
the copy-paste, then the amendment:
The solution to authentication is something like the IronKey (a hardened USB drive for storing passwords) but with asymmetric crypto.
So you would go to Gmail, gmail would send a challenge that goes to the browser. A library on your browser would send the challenge to the USB device. The USB device would respond by signing the challenge asymmetrically, and that signature would route back through the browser to Gmail. Then you have 1 authenticated session until you destroy it. For sake of convenience imagine the implementation as using PGP -- public key, private key. Gmail has the public key, your USB device has the private key.
This is great since you could read your webmail on a friend's computer, or post Slashdot comments without leaving behind a persistent authentication token (barring a fake logout screen). Or there could be a keylogger on your home computer but it wouldn't be able to scrape persistent passwords and pass those on.
The only reason that humans don't use asymmetric security is that we're too stupid. Otherwise if we wanted high security we would be looking at screens of cyphertext and reversing the one-way function (a^b=c) in our heads. Given that we're too dumb, why not put our authenticator on a device that goes on a keychain with our other keys? (And you could make a backup just like with your other keys.)
[...]
-- amendment --
- no I'm not talking about a simple USB drive. That's why the IronKey is dumb since a rooted PC could mirror it.
- the usb device could have all sorts of fancy stuff like LED screen or PIN, i.e. it's not just a flashdrive as I said, it does public-private key crypto -- you can't read all its private data by plugging it in. the point is to get support for asymmetric authentication and allow the free market to provide the level of extra nuisance consumers want.
- 90% don't want this, which is good, happy for them, I'm part of the 10%. So the legacy symmetric password support wouldn't go away and the 10% who want asymmetric passwords on a hardened low complexity (complexity is the enemy of security -- that's why your PC is as leaky as a sieve) device would have that option.
- i like bullet points
- proof-of-concept on a smartphone might be helpful.
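The challenge-response flow described above, written out as an added example (not the commenter's code): the device holds the private key and only ever returns signatures, the service keeps the enrolled public key and a single-use random challenge, and a signature captured on the PC is useless for a second login. Ed25519 stands in for the PGP keys the comment imagines; the user name and session token format are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Device stands in for the keychain token: the private key never leaves it,
// the host PC can only ask for a signature over a challenge.
type Device struct {
	priv ed25519.PrivateKey
}

// NewDevice generates the key pair; the public half is what gets enrolled.
func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv}, pub, nil
}

// Sign is the only operation exposed to the (possibly compromised) PC.
func (d *Device) Sign(challenge []byte) []byte {
	return ed25519.Sign(d.priv, challenge)
}

// Server models the web service: enrolled public keys plus, per user, at
// most one outstanding challenge that is consumed by the first answer.
type Server struct {
	pubKeys    map[string]ed25519.PublicKey
	challenges map[string][]byte
}

func NewServer() *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string][]byte{}}
}

// Challenge issues a fresh 32-byte random nonce, replacing any earlier one.
func (s *Server) Challenge(user string) ([]byte, error) {
	if _, ok := s.pubKeys[user]; !ok {
		return nil, errors.New("unknown user")
	}
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	s.challenges[user] = c
	return c, nil
}

// Login verifies the signature over the outstanding challenge and consumes
// it whether or not it verifies; success yields one fresh session token.
func (s *Server) Login(user string, sig []byte) (string, error) {
	c, ok := s.challenges[user]
	if !ok {
		return "", errors.New("no outstanding challenge")
	}
	delete(s.challenges, user)
	if !ed25519.Verify(s.pubKeys[user], c, sig) {
		return "", errors.New("bad signature")
	}
	tok := make([]byte, 16)
	if _, err := rand.Read(tok); err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", tok), nil
}

// RunFlow does one enroll/challenge/sign/login round, then replays the same
// signature (what a keylogger could capture) against a new challenge.
// It returns (firstLoginOK, replayAccepted).
func RunFlow() (bool, bool, error) {
	dev, pub, err := NewDevice()
	if err != nil {
		return false, false, err
	}
	srv := NewServer()
	srv.pubKeys["alice"] = pub // enrolment; "alice" is a constructed user
	c, err := srv.Challenge("alice")
	if err != nil {
		return false, false, err
	}
	sig := dev.Sign(c)
	_, err = srv.Login("alice", sig)
	loginOK := err == nil
	if _, err := srv.Challenge("alice"); err != nil {
		return false, false, err
	}
	_, err = srv.Login("alice", sig)
	return loginOK, err == nil, nil
}
```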
I don't catch your content versus engine statement. No I disagree. Content is tied to engines. It's ephemeral.
Actually I'm thinking I have an original point here. Indirectly, because of Moore's Law computer games depreciate rapidly. As you say toolchains may not. SDL is a good example, it's free software and unlike all the stuff you see on linuxgames.com like games based on the quake3 engine it will iterate and not depreciate. Game engines do depreciate. They last about 3 years maybe. Look at the Torque Games Tribes engine. It was state of the art, they tried to start a whole indie market over it, but at the end of the day, game engines only last a few years until they get torn all the way down and started from scratch again. It's Moore's Law speeding ahead too quickly for software engineering to iterate rather than start from scratch. New stuff shows up like shaders or whatnot. I'm not a graphics guru, but I think I have the right idea here.
Games depreciate rapidly. Game engines do too, but not exactly as rapidly. Game toolsets like SDL retain value long enough for free software to succeed.
"Unfortunately, it seems they'd rather try to package up their engine and sell it."
Again, sentiment. How about trees? There's a company that sells the tree generation graphics to all the game makers, check it out. It's profitable. Self sustaining.
tl;didn't proof-read
the idea here is that asymmetric keys would be opt-in. so the old lame password standard would still be supported for 90% of the users that don't care.
sorry I said drive out of habit from the ubiquity of flashdrives. what i mean is what you mean tho.
i am thinking i should write an app for this, like you say. something that can live on a phone.
"(barring a fake logout screen)"
So actually you could have the device authenticate that the logout has occurred as well with an embedded LED screen.
The main thing though is to switch to asymmetric keys, imo.
"Unfortunately for those of us on Linux/Mac, a lot of Windows developers don't care."
Games are different from other software in that free software isn't a good development model to make blockbusters like Fallout 3, Diablo 3, or Oblivion versus software that is "easier" like Apache, Samba, and the Linux kernel. Maybe since games depreciate?
Game developers eat food. Maslow's hierarchy of needs would put starvation over "caring" even if they did "care" about the /. cottage industry of technological egalitarianism. I think there's a disconnect here between /. and the market. Waving ad misericordiam around is good and all unless you think it is going to change capitalistic decisions for throwaway software when the most profitable decision by far is DirectX. Unless you can change the economics, there's no use appealing to sentiment.
The solution to authentication is something like the IronKey (a hardened USB drive for storing passwords) but with asymmetric crypto.
So you would go to Gmail, gmail would send a challenge that goes to the browser. A library on your browser would send the challenge to the USB device. The USB device would respond by signing the challenge asymmetrically, and that signature would route back through the browser to Gmail. Then you have 1 authenticated session until you destroy it. For sake of convenience imagine the implementation as using PGP -- public key, private key. Gmail has the public key, your USB device has the private key.
This is great since you could read your webmail on a friend's computer, or post Slashdot comments without leaving behind a persistent authentication token (barring a fake logout screen). Or there could be a keylogger on your home computer but it wouldn't be able to scrape persistent passwords and pass those on.
The only reason that humans don't use asymmetric security is that we're too stupid. Otherwise if we wanted high security we would be looking at screens of cyphertext and reversing the one-way function (a^b=c) in our heads. Given that we're too dumb, why not put our authenticator on a device that goes on a keychain with our other keys? (And you could make a backup just like with your other keys.)
I can't wait until /. posts the next stupid idea for replacing passwords (my favorite ice cream is LBtHrbjCi) so that I can copy-paste this comment again until I get early enough for +5.
You haven't demonstrated that a human doesn't use the Monte Carlo method as well.
reference
http://xkcd.com/456/
In the story, he busts out an oscilloscope and sees cycles at a particular frequency.
Turing machines exist in a Platonic universe where there is no time, only a clock cycle of mysterious unitary duration going to a single tape head (cpu). In a real computer, time exists, voltages aren't perfect, and we don't use Turing's upside down e's in a control layer interleaved with the data; there's heaps, stacks, data segment, all that (maybe subverting my point since both Turing and Von Neumann described implementations -- the breakthrough for post-axiomatic logic). The computer science is good, it provides complexity classes and stuff, but implementations are on Earth not in mathworld; that's why the character in his story makes an actual measurement instead of just sitting in an armchair and thinking. The measurement finds that, hey, there is something going on in the implementation of the Turing machine.
Otherwise, good point.
Maybe another way to think about this would be to say what if the Internet started dreaming in the latencies of tcp/ip packets, in the same way as is described in the story. Unexpectedly a chaotic yet ordered meta-information carrying semantics in the billions of network components, as if there was nothing special about cognition, just a need for a digital and active substrate.
http://www.google.com/safebrowsing/diagnostic?site=www.google.com
What is the current listing status for www.google.com/?
This site is not listed as suspicious.
What happened when Google visited this site?
Of the 365492 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 07/30/2008, and suspicious content was never found on this site within the past 90 days.
Malicious software includes 1 trojan(s). Successful infection resulted in an average of 0 new processes on the target machine.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, www.google.com/ appeared to function as an intermediary for the infection of 2 site(s) including slashdot.org, microsoft.com. [see for yourself]
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.
There is 1 intriguing asymptote in exponential technological advancement, and no it can't be technology given that phrase: "exponential _blank_ advancement" since exponential growth does not result in an asymptote.
The interesting asymptote is personal infinite longevity. Until someone builds a better mousetrap, or Andromeda collides with the Milky Way and the merger yields a quasar galaxy before Sol engulfs the Earth on its path to dimming down before eventual supernova with what it has stolen from Jupiter. Because maybe the quasar happens first. Oh, so maybe that wasn't a personal longevity asymptote, huh? Singularity is a crappy term to throw around, it's like the Stanford Singularity Summit [free audio online] where some guy was using this term negentropy like he was allowed to say reverse entropy. You can't have reverse entropy, not yours. The standard model does not rule out time travel, but it does not predict time travel, so the thermodynamic arrow of time is fine being a one-way street.
Uh what was I talking about thought I was on blogjournal, just fooling. So yeah, mind the s-word, folks. It has a precise mathematical meaning -- and I donut believe in the silliness that the exponential technological advancement causes those causing the technological advancement to be lost in pure confusion is a valid escapism permitting usage of the term singularity.
whatever to Kurzweil. gimme more singularity summit audio to digest.
http://en.wikipedia.org/wiki/An_Apology_for_Poetry (1595)
Let's stop reading fiction! It's a waste of cpu cycles^W^Whuman cognition. Form supreme Voltron enlightenment now... I liked the comments on BoingBoing better.
Java and Visual Basic are mostly in-house business apps.
Top shelf apps that are getting installed on lots of machines are C++ (your office suite, browser, tools, etc.) If there's no danger of cpu bound tasks, C#.
Web stuff, PHP, isn't installed everywhere but is used by many browsers.
The #'s of installs are not reflected in the methodology.
I seem to recall that the burning of the Library of Alexandria may have been overrated but I don't have a link for you.
Something like the primary source that's the standby, and in all the textbooks may have been propaganda in some other setting for some other purpose. With there being no other accounts of that event. Vague enough? Possibly something to check in to.
http://home.att.ne.jp/moon/fischer/
mental illness is sad. 1 beer a day will not cure dementia.
Fischer was truly epic in his takedown of the Russian "machine". Then the American politicians screwed him for playing the immortal game during a temporal war.
In chess you don't have to die young to leave a good looking corpse you just have to get out of the spotlight while you're ahead. (Britney Spears take note.)
Well we have his radio rants happy about 11-9 but at least no bad chess games out of his prime.
I agree wholeheartedly.
I'd rather you use the big old evil word, "evolution," rather than Darwinist or Darwinian.
Reason: conservative moonbats attack science by making it personal. For example, Rush Limbaugh attacks global climate change by saying that Al Gore is everywhere and listening to Al Gore makes him want to put a gun in his mouth (I am not making this up, we live in La La Land.)
Another reason is that the recent spate of articles catching on to calorie restriction as a method of life extension avoid the word "evolution" when discussing the reason that it works. The reason that fasting prolongs life is that evolution changes the aging governor in people who are experiencing famine to save them for reproduction later. No one, not Slate or NYT or Scientific American includes the word "evolution" when talking about this effect.
So let's drop the personification of theories. After all, evolution is a lot more than Darwin knew about, the theory has tremendous explanatory value and shouldn't be pegged to centuries ago.
What you mean that we've had some natural global warming as well as human global warming? That's like totally not fair, I thought this survival of life on Earth was going to be as seen on TV!
For the comment that climate change from humans doesn't compare to a single volcanic eruption, yeah sure I have a book for you, Krakatoa: The Day the World Exploded, 27 August 1883; you're not exactly comparing a dangerous phenomenon with a safe phenomenon.
Please to be renaming to Lance-Puke or Javelin-Puke or Dirk-Puke.
kthx.
Let them do whatever they want with artists who have signed to their subsidiaries. Artists don't have to sign the same old contracts any more now that the Internet exists, so let economics figure it out.
I have the feeling that this would be like the Canadian blank CD-r tax. Money goes to the RIAA despite the existence of non-RIAA bands.
Exactly the same as the article summary. I don't remember the title, though. Anyone?
Kneejerk reactions modded me down by not reading what I actually wrote, but that's all good. :)
I think the way to visualize the number of ipv6 addresses, instead of looking at how many ipv6 ip addresses there are, is to look at how many router prefixes are going to be available, since as with ipv4, allocation is not perfect.
ipv6 addresses = 2^128 = 3.4 * 10^38
possible ipv6 router prefixes = 2^(64 - 3) = 2,305,843,009,213,693,952 routers / (6.6 * 10^9 humans) = 349,370,152 possible globally addressed routers per person
And "over 80%" of ipv6 space is still unassigned. The "- 3" is due to "IANA unicast assignments are currently limited to the IPv6 unicast range of 2000::/3." [http://www.iana.org/assignments/ipv6-address-space] Should be enough.
wrt the initial topic, from the IPv6 Essentials (2006) book reviewed on /., "In Asia, IPv6 is already a reality. The high population and accelerated Internet growth rate, combined with the limited IPv4 address space, does not leave any other choices." Also U.S. DoD announced in 2003 that ipv6 is now a purchasing requirement and they expect migration by 2008. Where DoD goes with a purchasing requirement, the rest may follow.
I wouldn't buy any cheap ipv4 hw.
From the +5 comments seems that there are some ipv6 hindrances with ARIN that need to be corrected, regardless of the other statements.
The designers of ipv6 find NAT inelegant & obsolete, but organizations can still use an ipv6-style NAT anyway.
Someone bother to cut & paste the actual numbers in context, since I think that comment is way off base.